BurpSuite is by far, my favorite web application proxy. There is a limitation that I have found a unique way around, so I figured I would share it with everyone. BurpSuite does not have an easy way to import a list of targets when starting a web application assessment. Obviously, you can browse to the web applications using a browser, but this is time consuming. So we need a better way.
All that is needed is a method to make requests that pass through the proxy. So we can use LWP::UserAgent. Nmap is always helpful for finding open ports, so we can use that to speed things up as well. Nmap will find all of the web applications and then we can leverage Perl to populate BurpSuite’s target list.
First, we perform an nmap scan:
sudo nmap -p 80,443 -sS -oX nmap-web.xml -PN
Now, we parse the output of the nmap scan and generate files that contain the web servers running on port 80/tcp and 443/tcp. I have written a Perl script to parse nmap XML files. This script can be found here. Using this script we simply execute:
perl nmap-parse.pl -f nmap-web.xml -p 80 > 80-tcp.txt
perl nmap-parse.pl -f nmap-web.xml -p 443 > 443-tcp.txt
Now, we just need to import each file and perform a request for each web application. The key is that we have BurpSuite listening locally, so that all of the requests will pass through the proxy. The script is called proxycrawl and it will populate the target list because it makes requests through the proxy. It can be found here.
perl proxycrawl.pl -i 80-tcp.txt
perl proxycrawl.pl -i 443-tcp.txt --ssl
After running this script, you should see all of the targets populated in BurpSuite and you are ready be begin your web application assessment.